Centralized Identification and Authentication System and Method 



BACKGROUND OF THE INVENTION 



1. FIELD OF THE INVENTION 

The present invention relates to a centralized identification and 
authentication system and method for identifying an individual over a 
communication network such as the Internet, to increase security in e-commerce. 
More particularly, it relates to a method and system for the generation of a 
dynamic, non-predictable and time-dependent SecureCode for the purpose of 
positively identifying an individual. 

2. DESCRIPTION OF THE RELATED ART 

The increasing use of the Internet and the increase in businesses utilizing 
e-commerce have led to a dramatic increase in customers releasing confidential 
personal and financial information, in the form of social security numbers, names, 
addresses, credit card numbers and bank account numbers, in order to identify 
themselves. This allows them to get access to restricted web sites or to 
electronically purchase desired goods or services. Unfortunately this type of 
identification is not only unsafe, it is also not foolproof: possession of the 
information does not prove that the user is really the person he says he is. The 
effect of these increases is reflected in the related art. 

U.S. Pat. No. 5,732,137 issued to Aziz outlines a system and method for 
providing remote user authentication in a public computer network such as the 
Internet. More specifically, the system and method provides for remote 
authentication using a one-time password scheme having a secure out-of-band 
channel for initial password delivery. 

U.S. Pat. No. 5,815,665 issued to Teper et al. outlines the use of a system 
and method for enabling consumers to anonymously, securely and conveniently 
purchase on-line services from multiple service providers over a distributed 
network, such as the Internet. Specifically, a trusted third-party broker provides 
billing and security services for registered service providers via an online 
brokering service, eliminating the need for the service providers to provide these 
services. 

U.S. Pat. No. 5,991,408 issued to Pearson et al. outlines a system and 
method for using a biometric element to create a secure identification and 
verification system, and more specifically an apparatus and a method for 
creating a hard problem which has a representation of a biometric element as its 
solution. 
Although each of the previous patents outlines a valuable system and 
method, what is really needed is a system and method that offers a digital identity 
to the users and allows them to participate in e-commerce without worrying about 
privacy and security. In addition to offering security and privacy to the users, 
the new system has to be simple for businesses to adopt and must not require 
the financial institutions to change their existing systems. Such a secure, 
flexible and scalable system and method would be of great value to the 
businesses that would like to participate in today's electronic commerce. 

None of the above inventions and patents, taken either singularly or in 
combination, is seen to describe the instant invention as claimed. Thus a 
centralized identification and authentication system and method solving the 
aforementioned problems is desired. 

For convenience, the term "user" is used throughout to represent both a 
typical person consuming goods and services as well as a business consuming 
goods and services. 

As used herein, a "Central-Entity" is any party that holds the user's personal 
and/or financial information, UserName and Password, and generates a dynamic, 
non-predictable and time-dependent SecureCode for the user. Examples of a 
Central-Entity are banks, credit card issuing companies or any intermediary 
service companies. 

As also used herein, an "External-Entity" is any party offering goods or 
services that users utilize by directly providing their UserName and SecureCode 
as digital identity. Such an entity could be a merchant, service provider or an online 
site. An "External-Entity" could also be an entity that receives the user's digital 
identity indirectly from the user through another External-Entity in order to 
authenticate the user; such an entity could be a bank or a credit card issuing 
company. 

The term "UserName" is used herein to denote any alphanumeric name, 
id, login name or other identification phrase, which may be used by the "Central- 
Entity" to identify the user. 

The term "Password" is used herein to denote any alphanumeric 
password, secret code, PIN, prose phrase or other code, which may be stored in 
the system to authenticate the user by the "Central-Entity". 

The term "SecureCode" is used herein to denote any dynamic, non- 
predictable and time dependent alphanumeric code, secret code, PIN or other 
code, which may be broadcast to the user over a communication network, and 
may be used as part of a digital identity to identify a user as an authorized user. 

The term "digital identity" is used herein to denote a combination of the user's 
"SecureCode" and the user's information such as "UserName", which results in a 
dynamic, non-predictable and time-dependent digital identity that can be used to 
identify a user as an authorized user. 

The term "financial information" is used herein to denote any credit card and 
banking account information such as debit cards, savings accounts and checking 
accounts. 
SUMMARY OF THE INVENTION 



The invention relates to a system and method provided by a Central-Entity 
for centralized identification and authentication of users and their transactions to 
increase security in e-commerce. The system includes: 



- A Central-Entity: This entity centralizes the users' personal and financial 
information in a secure environment in order to prevent the distribution of 
users' information in e-commerce. This information is then used to create a 
digital identity for the users. The users may use their digital identity to identify 
themselves instead of providing their personal and financial information to the 
External-Entities; 

- A plurality of users: A user represents both a typical person consuming goods 
and services as well as a business consuming goods and services, who 
needs to be identified in order to make online purchases or to get access to 
the restricted web sites. The user registers at the Central-Entity to receive his 
digital identity, which is then provided to the External-Entity for identification; 

- A plurality of External-Entities: An External-Entity is any party offering goods 
or services in e-commerce and needs to authenticate the users based on 
digital identity. 

The user signs up at the Central-Entity by providing his personal or 
financial information. The Central-Entity creates a new account with the user's 
personal or financial information and issues a unique UserName and Password 
to the user. The user provides his UserName and Password to the Central-Entity 
for identification and authentication purposes when accessing the services 
provided by the Central-Entity. The Central-Entity also generates a dynamic, 
non-predictable and time-dependent SecureCode for the user at the user's request 
and issues the SecureCode to the user. The Central-Entity maintains a copy of the 
SecureCode for identification and authentication of the user's digital identity. The 
user presents his UserName and SecureCode as digital identity to the External- 
Entity for identification. When an External-Entity receives the user's digital 
identity (UserName and SecureCode), the External-Entity forwards this 
information to the Central-Entity to identify and authenticate the user. The 
Central-Entity validates the information and sends an approval or denial 
response back to the External-Entity. 

There are also communications networks for the user, the Central-Entity 
and the External-Entity to give and receive information between each other. 

This invention also relates to a system and method provided by a Central- 
Entity for centralized identification and authentication of users to allow them 
access to restricted web sites using their digital identity, preferably without 
revealing confidential personal or financial information. 

This invention further relates to a system and method provided by a 
Central-Entity for centralized identification and authentication of users to allow 
them to purchase goods and services from an External-Entity using their digital 
identity, preferably without revealing confidential personal or financial 
information. 

Accordingly, it is a principal object of the invention to offer digital identity to 
the users for identification in e-commerce. 
It is another object of the invention to centralize the users' personal and 
financial information in a secure environment. 

It is another object of the invention to prevent users from distributing 
their personal and financial information. 

It is a further object of the invention to keep merchants, service providers, 
Internet sites and financial institutions satisfied by positively identifying and 
authenticating the users. 

It is another object of the invention to reduce fraud and increase security 
for e-commerce. 

It is another object of the invention to allow businesses to control visitor's 
access to their web sites. 

It is another object of the invention to protect the customer from getting 
bills for goods and services that were not ordered. 

It is another object of the invention to increase customers' trust and reduce 
customers' fear of e-commerce. 

It is another object to decrease damages to the customers, merchants and 
financial institutions. 
It is an object of the invention to provide improved elements and 
arrangements thereof for the purposes described which are inexpensive, 
dependable and fully effective in accomplishing its intended purposes. 

These and other objects of the present invention will become readily 
apparent upon further review of the following specification and drawings. 
BRIEF DESCRIPTION OF THE DRAWINGS 



Fig. 1 is a high-level overview of a centralized identification and authentication 
system and method according to the present invention. 

Fig. 2 is a detailed overview of a centralized identification and authentication 
system and method according to the present invention. 

Fig. 3 is a block diagram of the registration of a customer utilizing a centralized 
identification and authentication system and method according to the present 
invention. 

Fig. 4 is a block diagram of the transaction of a customer utilizing a centralized 
identification and authentication system and method according to the present 
invention. 

Fig. 5 is a block diagram of a Central-Entity authorizing a user utilizing a 
centralized identification and authentication system and method according to the 
present invention. 
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 



Detailed descriptions of the preferred embodiment are provided herein. It 
is to be understood, however, that the present invention may be embodied in 
various forms. Therefore, specific details disclosed herein are not to be 
interpreted as limiting, but rather as a basis for the claims and as a 
representative basis for teaching one skilled in the art to employ the present 
invention in virtually any appropriately detailed system, structure or manner. 

The invention relates to a system 1 and method 2 to identify and 
authenticate the users and their transactions to increase security in e-commerce. 
Fig. 1 illustrates a system to positively identify the users 10 in e-commerce 
based on digital identity. 

The system 1 comprises a plurality of users 10, a plurality of External- 
Entities 20 with goods and services that are desired by the users 10 and a 
Central-Entity 30 providing a unique UserName and Password to the users 10 
and generating dynamic, non-predictable and time dependent SecureCode for 
the users 10 per user's request. There are also communication networks 50 for 
the user 10, the Central-Entity 30 and the External-Entity 20 to give and receive 
information between each other. 

It would be desirable to develop a new system 1 and method 2 to 
centralize the user's personal and financial information in a secure environment and 
to offer a digital identity to the users 10 in order to provide privacy, increase 
security and reduce fraud in e-commerce. Ideally, a secure identification and 
authentication system 1 would distinguish legitimate users 10 from unauthorized 
users. This would increase the users' trust, which leads to more sales and 
cash flow for the merchants/service providers. 

The present invention relates to a system 1 and method 2 to support this 
ideal identification and authentication system. For identification purpose, a digital 
identity (a unique UserName and a dynamic, non-predictable and time 
dependent SecureCode) is used by the user 10 at the time of ordering or at the 
time of accessing a restricted Internet site. A series of steps describing the 
overall method are conducted between the users 10, the Central-Entity 30 and 
the External-Entity 20 and are outlined in Fig. 3,4,5. 

There are three distinct phases involved in using the centralized 
identification and authentication system Fig. 2, the first of which being the 
registration phase, which is depicted in Fig. 3. During the registration phase, the 
user 10 provides his personal or financial information to the Central-Entity 30. 
The user 10 registers at the Central-Entity 30, 100, 104 and receives his account 
and login information such as UserName and Password 108. User 10 can access 
his account at any time by accessing the Central-Entity's system using a 
communication network 50 and logging into the system. 

Next is the transaction phase, illustrated in Fig. 4, where the user 10 attempts 
to access a restricted web site or attempts to buy services or products 110 
through a standard interface provided by the External-Entity 20, similar to 
what exists today, and selects digital identity as his identification and 
authorization or payment option. The External-Entity 20 displays the access or 
purchase authorization form requesting the user 10 to authenticate himself using 
his UserName and SecureCode as digital identity. The user 10 requests a 
SecureCode from the Central-Entity 30 by accessing his account over the 
communication network 50, 114. The Central-Entity 30 generates a dynamic, 
non-predictable and time-dependent SecureCode 118 for the user 10. The Central- 
Entity 30 maintains a copy of the SecureCode for identification and 
authentication of the user 10 and issues the SecureCode to the user 10. When 
the user 10 receives the SecureCode 120, the user 10 provides his UserName 
and SecureCode as digital identity to the External-Entity 20, 124, Fig. 4. 

The third phase is the identification and authorization phase. Once the user 10 
provides his digital identity to the External-Entity 20, the External-Entity 20 
forwards the user's digital identity along with the identification and authentication 
request to the Central-Entity 30, 130, as illustrated in Fig. 5. When the Central- 
Entity 30 receives the request containing the user's digital identity, the Central- 
Entity 30 locates the user's digital identity (UserName and SecureCode) in the 
system 134 and compares it to the digital identity received from the External- 
Entity 20 to identify and validate the user 10, 138. The Central-Entity 30 
generates a reply back to the External-Entity 20 via a communication network 50 
as a result of the comparison. If both digital identities match, the Central-Entity 30 
identifies the user 10 and sends an approval of the identification and 
authorization request to the External-Entity 20, 140; otherwise it sends a denial 
of the identification and authorization request to the External-Entity 20, 150. The 
External-Entity 20 receives the approval or denial response in a matter of 
seconds. The External-Entity 20 might also display the identification and 
authentication response to the user 10. 

To use the digital identity feature, the Central-Entity 30 provides the 
authorized user 10 the capability to obtain a dynamic, non-predictable and 
time-dependent SecureCode. The user 10 provides his UserName and 
SecureCode as digital identity to the External-Entity 20 when this information is 
required by the External-Entity 20 to identify the user 10. 

The Central-Entity 30 may add other information to the SecureCode 
before sending it to the user 10, by algorithmically combining the SecureCode with 
the user's information such as the UserName. The generated SecureCode then carries 
all the information needed by the Central-Entity 30 to identify the user 10. In this 
case the user only needs to provide his SecureCode as digital identity to the 
External-Entity 20 for identification. 

In the preferred embodiment, the user 10 uses the communication 
network 50 to receive the SecureCode from the Central-Entity 30. The user 10 
submits the SecureCode in response to the External-Entity's request 124. The 
SecureCode is preferably implemented through the use of an indicator. This 
indicator has two states: "on" for valid and "off" for invalid. When the user 10 
receives the SecureCode, the SecureCode is in the "on" or "valid" state. The 
Central-Entity 30 may improve the level of security by invalidating the 
SecureCode after its use. This increases the level of difficulty for an 
unauthorized user. Two events may cause a valid SecureCode to become 
invalid: 

1. Timer event: This event occurs when the predefined time passes. As 
mentioned above, the SecureCode is time dependent. 

2. Validation event: This event occurs when the SecureCode forwarded 
to the Central-Entity 30 (as part of the digital identity) corresponds to the 
user's SecureCode held in the system. When this happens the Central- 
Entity 30 invalidates the SecureCode to prevent future use and 
sends an approval identification and authorization message to the 
External-Entity 20, 140. 

A valid digital identity corresponds to a valid SecureCode. When the 
SecureCode becomes invalid, the digital identity will also become invalid. 
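The three phases above (registration, SecureCode issuance in the transaction phase, and validation with the "on"/"off" indicator) and the two invalidation events can be modelled end to end. The following is an added example written for this page, not code from the patent or from any product implementing it. The code length, the alphabet, the 120-second validity window, the PBKDF2 password storage and the class and method names are all assumptions; the patent specifies none of them.

```python
"""Toy three-party model of the SecureCode flow: registration at the
Central-Entity, issuance of a one-time, time-limited SecureCode, presentation
to an External-Entity, and validation by the Central-Entity.  Added example;
not the patent's code.  Code length, alphabet and validity window are assumed."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional

CODE_TTL_SECONDS = 120        # assumed "predefined time" for the timer event
CODE_LENGTH = 8               # assumed
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed; no 0/O/1/I look-alikes


@dataclass
class SecureCode:
    value: str
    expires_at: float
    valid: bool = True        # the patent's "on"/"off" indicator


@dataclass
class Account:
    password_hash: bytes
    salt: bytes
    financial_info: str       # stays inside the Central-Entity, never leaves it
    code: Optional[SecureCode] = None


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CentralEntity:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.accounts: dict[str, Account] = {}
        self.clock = clock    # injectable so the timer event can be exercised

    # Registration phase (Fig. 3): store the user's data, issue a Password.
    def register(self, username: str, financial_info: str) -> str:
        password = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        self.accounts[username] = Account(_hash_password(password, salt), salt, financial_info)
        return password

    # Transaction phase (Fig. 4): the logged-in user requests a SecureCode.
    def issue_code(self, username: str, password: str) -> str:
        acct = self.accounts.get(username)
        if acct is None or not hmac.compare_digest(
                _hash_password(password, acct.salt), acct.password_hash):
            raise PermissionError("bad UserName/Password")
        # CSPRNG output: non-predictable; expiry time makes it time dependent.
        value = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
        acct.code = SecureCode(value, self.clock() + CODE_TTL_SECONDS)
        return value

    # Identification and authorization phase (Fig. 5): compare the forwarded
    # digital identity with the stored copy and flip the indicator to "off".
    def validate(self, username: str, presented: str) -> bool:
        acct = self.accounts.get(username)
        if acct is None or acct.code is None:
            return False
        code = acct.code
        if self.clock() > code.expires_at:      # timer event
            code.valid = False
        if not code.valid:
            return False
        if not hmac.compare_digest(code.value.encode(), presented.encode()):
            return False
        code.valid = False                      # validation event: single use
        return True


class ExternalEntity:
    """Merchant or site: sees only UserName + SecureCode and forwards them."""
    def __init__(self, central: CentralEntity) -> None:
        self.central = central

    def checkout(self, username: str, securecode: str) -> str:
        return "approved" if self.central.validate(username, securecode) else "denied"


def run_scenario() -> dict[str, str]:
    """Constructed walk-through on a fake clock; returns the merchant's answers."""
    now = [1_700_000_000.0]
    central = CentralEntity(clock=lambda: now[0])
    merchant = ExternalEntity(central)
    password = central.register("alice", "card 4111-xxxx (constructed sample)")
    results: dict[str, str] = {}
    code = central.issue_code("alice", password)
    results["first_use"] = merchant.checkout("alice", code)       # validation event
    results["replay"] = merchant.checkout("alice", code)          # now "off"
    code = central.issue_code("alice", password)
    results["wrong_code"] = merchant.checkout("alice", "0" * CODE_LENGTH)  # '0' not in alphabet
    results["then_correct"] = merchant.checkout("alice", code)    # a bad guess does not invalidate
    code = central.issue_code("alice", password)
    now[0] += CODE_TTL_SECONDS + 1
    results["expired"] = merchant.checkout("alice", code)         # timer event
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Two points the model makes visible that the text only implies. First, the patent lists only the timer and validation events as invalidating a SecureCode, so a wrong guess leaves the code valid; with the assumed 8-character, 32-symbol alphabet there are about 1.1 x 10^12 values, which is adequate only if the Central-Entity also rate-limits or counts failed attempts per UserName. Second, the code is bound to the user but not to a particular External-Entity or transaction, so a code captured in transit can be spent at any External-Entity until the timer or validation event fires; the short window and single use limit, but do not remove, that exposure. The variant in which the SecureCode itself carries the UserName can be had by returning `username + "." + value` from `issue_code` and splitting on the dot in `validate`.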

While the invention has been described in connection with a preferred 
embodiment, it is not intended to limit the scope of the invention to the particular 
form set forth, but on the contrary, it is intended to cover such alternatives, 
modifications, and equivalents as may be included within the spirit and scope of 
the invention as defined by the appended claims. 